Authing DocsDocuments
Concept
Guides
Development Integration
Application integration
Concept
Guides
Development Integration
Application integration
Old Version
Guides
  • Quick start

  • Authenticate the user

  • Authority management for users

    • Choose the appropriate permission model
    • Integrate RBAC permission model into your application system
    • Integrate ABAC permission model into your application system
    • Use permission group management permission resources
    • Manage resource permissions
  • Authorization

  • Manage user accounts

  • Manage User Directory

  • Management Application

  • Become a source of federal authentication identity

  • Connect to an external identity provider (IdP)

  • Open up WeChat ecology
  • Migrate users to Authing

  • Management organization

  • Expandable capabilities

  • Audit Log

  • Configure security information

  • Configure user pool information

  • Deployment plan

  • Frequently Asked Questions FAQs

  1. Guides
  2. /
  3. Authority management for users
  4. /
  5. Manage resource permissions

¶ Manage Resource Privileges

Update Time: 2022-05-15 17:45:55
Edit

As an administrator, you canmanage and assign resource privileges on the console. Before practicing privilege management and authorization, you need to understand several concepts.

  1. Application:As an administrator, you can create an application. The application is a definition of the application project you are developing in Authing. For example, when you are actually developing a "web note" application, you should create a "web note" in Authing application.
  2. Resources:You can define some resources in Authing. For example, the resources in the "Web Notes" application may include notebooks, note content, authors, and so on.
  3. User:You can also directly assign privileges to users. You can also divide your users into different groups, roles, and organizations, so that you can manage them when assigning privileges.
  4. Role:A role is a group of users, and the users in the role will automatically inherit the authorized privileges of the role.

Next, we create applications, create resources, create users, and then define the authorization relationship between resources and users.

¶ Create application

Please see the Create application。

¶ Add Resources

In the resource card under the application, click the Add button on the right.

Then fill in a resource name, it is recommended to fill in a semantic resource name to facilitate subsequent management. Resource operations can be defined in the operation type, where read and write operations are defined. Finally, click Save, and a resource is created.

¶ Create a user

In the user list, click New to create a user.

¶ Create a role

In - ApplicationAuthorizationRole Managementcard, click the add button on the right:

After creating the role, you can add users to this role:

You can search users by username, email or nickname.

¶ Privilege management

Now that you haveresources and users, next you have to define 「who」can do what「operations」on which「resources」In the application’s resource authorization card, click the Add button on the right.

The authorized principal can select users. Here we select the user we just created, and select the book resource we just created in the resource type.

Also, the authorized principal can also choose a role, so that all users in the role will automatically inherit the authorized privileges of the role.

Then fill in the resource id *, which means that all book resources are authorized. Select Specific Operationin Operation, and then select the read book list operation in the Resource Operation we just defined, and finally clicks OK.

If you fill in a specific id, such as 42, it means that the book resource number 42 is authorized to the principal. The principal only has the privilege of the book:42 resource, and can only authorize the relevant privilege of the book:42 resource during authorization.

We can also add restrictions to authorization rules. For example, the rules are only valid for Windows users. If the authorization is initiated from a Linux machine, Authing will determine that the user has no permission and cannot complete the authorization of the book resource.

If you want to authorize multiple resources to users, you can continue to add authorization rules.

¶ Programmatic access account

The programmatic access account is a pair of AccessKey and SecretKey in the application, which is used to hand over to third-party vendors. You can use the programmatic access account in combination with the OIDC authorization code to obtain the user's AccessToken and IdToken, or use the programmatic access account to perform OIDC ClientCredentials mode as the caller itself to request authorization.

Prev: Use permission group management permission resources Next: Authorization
  • Create application
  • Add Resources
  • Create a user
  • Create a role
  • Privilege management
  • Programmatic access account

User identity management

Integrated third-party login
Mobile phone number flash check (opens new window)
Universal login form component
Custom authentication process

Enterprise internal management

Single Sign On
Multi-factor Authentication
Authority Management

Developers

Development Document
Framework Integration
Blog (opens new window)
GitHub (opens new window)
Community User Center (opens new window)

Company

400 888 2106
sales@authing.cn
16 / F, Block B, NORTH STAR CENTURY CENTER, Beijing(Total)
room 406, 4th floor, zone B, building 1, No. 200, Tianfu Fifth Street, Chengdu(branch)

Beijing ICP No.19051205-1

© Beijing Steamory Technology Co.